Is it necessary to update the software on the device? The last blog in this series was about restricting access to a device. This one provides some high level principles about software updates. If a device is running out-of-date software, it may contain unpatched security vulnerabilities. Such vulnerabilities may allow exploitation of the device
Is it necessary to restrict access to or control of the device? In part four of the blog series on principles for IoT security, we look at general requirements in order to help prevent unauthorised access or control. If an attacker gains control of the device they may be able to access sensitive data,
Is the safe and/or timely arrival of data important? So far in this blog series, we have looked at both privacy and trust. For this part, we look at principles for scenarios where safety or timeliness is important. Consider how the service would be impacted if data could be blocked or delayed. Points to
IoT will become all-pervasive in industry, business and domestic settings, and healthcare is one of the sectors which has a great deal to gain. Introduction of IoT-type technologies is already underway - for example in wearables, implantables, injectables, robotics and automation. Yet there is likely to be pain as adoption rates increase and significant concerns
It's incredible to think that it hasn't quite been a year since we began asking some serious questions about how industry, and IoT's wider stakeholders, could work together to address a tsunami of concerns surrounding security. In less than a year we've been able to help drive awareness of the challenges, gather a core set of leaders,
During his talk at the 2015 IoTSF Conference, Robin Duke-Woolley gave his views on why security - across the 9 service sectors his company monitors - should be considered a vital enabler and not a cost. Having followed M2M (machine-to-machine) markets for more than 15 years, Robin is well placed to explain the emerging issues brought about by
Does the data need to be trusted? In part one of this blog series, we looked at whether the data needs to be private? In this blog, we tackle the issue of trust in IoT devices and systems. Data may need to be protected from tampering/modification in transit. This may be a malicious attacker,
In his talk "What I learned about IoT from hacking the Tesla Model S" given at the IoT Security Foundation's inaugural conference (Royal Society, London, Dec '15), Marc Rogers outlined how he managed to hack into the electronic systems of the iconic $90,000 car. Yet despite finding a number of significant vulnerabilities, Marc not
Security is an important part of almost every IoT deployment yet is often neglected in the development of systems. This blog series looks at questions that need to be considered when designing an IoT device, system or network. A common theme throughout is that investment in security at the design phase can save a lot
By Ken Munro, Director Pen Test Partners In terms of innovation, companies that make IoT devices are leaders, almost by default. They speed their products to market to fix problems that many of us didn’t know we even had. They give consumers the ability to feel that they are in some way “at home”
